[isf-wifidog] protecting the gateway status page

[Wichert Akkerman]

Previously Wichert Akkerman wrote:
> The gateway status page is readable for everyone at the moment. This has
> several downsides for me:
> 
> - it includes all information needed to disconnect a user using the
>   manual disconnect feature I'm implementing. That makes it a security
>   problem.
> 
> - I use wifidog in a highly commercial environment (airport lounges at
>   Amsterdam Airport Schiphol) and do not want everyone to be able to see
>   how many people are connecting and which IPs/MACs they have. That
>   has both security issues (MAC addresses reveal a lot about the type of
>   machine someone uses for example) and bussiness reasons (the usage
>   figures are confidential).
> 
> I intend to add optional HTTP authentication to the status page.
> LibHTTPD provides that option so it should be a simple change.

I've implemented and tested this: http://dev.wifidog.org/ticket/463

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.